/*
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Evaluate the Single Sign-On user consent
 * 
 * @author tlenz
 *
 */
@Component("EvaluateSSOConsentsTaskImpl")
public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {

	private static final String PARAM_SSO_CONSENTS = "value";
	
	@Autowired private SSOManager ssoManager;
	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
	
	/* (non-Javadoc)
	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
	 */
	@Override
	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
			throws TaskExecutionException {
		try {
			//evaluate SSO consents flag
			String ssoConsentsString = request.getParameter(PARAM_SSO_CONSENTS);
			ssoConsentsString = StringEscapeUtils.escapeHtml(ssoConsentsString);
			if (!ParamValidatorUtils.isValidUseMandate(ssoConsentsString))
				throw new WrongParametersException("EvaluateSSOConsentsTaskImpl", PARAM_SSO_CONSENTS, null);
			
			boolean ssoConsents = false;
			if (MiscUtil.isNotEmpty(ssoConsentsString))
				ssoConsents = Boolean.parseBoolean(ssoConsentsString);
			
			//perform default task initialization 
			//defaultTaskInitialization(request, executionContext);
			
			//check SSO session cookie and MOASession object
			String ssoId = ssoManager.getSSOSessionID(request);			
			if (!(ssoManager.isValidSSOSession(ssoId, pendingReq))) {
				Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
				throw new AuthenticationException("auth.30", null);
				
			}
			
			//Log consents evaluator event to revisionslog
			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents));
						
			//user allow single sign-on authentication
			if (ssoConsents) {
				//load MOA SSO-session from database
				AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());

				
				//Populate this pending request with SSO session information
				pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
				
				//authenticate pending-request
				pendingReq.setNeedUserConsent(false);
				pendingReq.setAuthenticated(true);
				pendingReq.setAbortedByUser(false);
								
			} else {
				//user deny single sign-on authentication
				Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getSPEntityId());
				pendingReq.setAbortedByUser(true);
			
			}
			
			//store pending-request			
			requestStoreage.storePendingRequest(pendingReq);

			//redirect to auth. protocol finalization
			performRedirectToProtocolFinialization(executionContext, pendingReq, request, response);
			
		} catch (MOAIDException e) {
			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
			
		} catch (Exception e) {
			Logger.warn("FinalizeAuthenticationTask has an internal error", e);
			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
			
		}

	}

}